Description:
When mysql is built with openssl 1.0.1, some of the regression tests fail. This is a consequence of the default cipher selection having changed from DHE-RSA-AES256-SHA to DHE-RSA-AES256-SHA256. The specific tests that assume they know the name of the default cipher are main.openssl_1 main.ssl main.ssl_8k_key and main.ssl_compress.
How to repeat:
1. Build against opensswl 1.0.1
2. Run regression tests (with --ssl switch).
Suggested fix:
Could be kind of a PITA to fix this in a way that works for yassl, older openssl, and new openssl. I'm told there's no very easy way to force openssl to pick a specific cipher. For a near-term fix in Fedora, I'm just going to patch out the specific tests that expect a given cipher name, but that doesn't seem like a satisfactory permanent solution.

As described above, we cannot rely on cipher name used in the tests, unless we specify the cipher explicitly. There are generally two situations where a cipher should be specified:
1) when executing a command using mysql utility in a test (see e.g. ssl_8k_key.test) - then we can use --ssl-cipher argument and specify cipher, that is expected by ssl_8k_key.result
2) when creating a new connection using 'connect' command in a test, which is sometimes used together with grants requiring specific cipher - see e.g. openssl_1.test. This is more tricky, because connect command accepts only general option SSL, but doesn't allow to specify a cipher currently. This means, that if we try to connect as a user, that is required to connect only using DHE-RSA-AES256-SHA, the test won't pass, because without specifying the cipher, the default value DHE-RSA-AES256-SHA256 will be used and it'll lead to connection refused.
I'll attach a patch, that extends 'connect' command to accept "CIPHER:DHE-RSA-AES256-SHA" option, same as SSL/COMPRESS or other options. Using this we can enhance tests to use correct cipher explicitly, which is also used in the patch, so all ssl-related tests pass regardless of default cipher value.
Please, consider using something like this patch, thanks.